WordPress + Bootstrap

So five days on from the Brexit referendum and it is clear that that there is no clear, carefully thought out strategy for extricating ourselves from the EU legal edifice. If you feel that this ‘make it up as we go along’ approach to the biggest legal and political challenge which our country has faced in decades is somewhat less than satisfactory, you will be pleased to learn you are not alone.

But if the path to Brexit is unclear you can at least assume that the journey will not be swift. Indeed, it seems likely that it will take at least two years and probably more before we part company with our EU brethren. Why does this matter, apart from the fact that it leaves our country in a protracted state of general confusion and uncertainty? Well for the readers of this blog it matters because there is at least one major piece of EU legislation which is due to take effect within the next two years, namely the EU General Data Protection Regulation.

Continue reading →

THIS POST SHOULD BE READ IN CONJUNCTION WITH MY MORE RECENT POST ON THIS SUBJECT – SEE HERE

As we all reel in shock at today’s news, thoughts will inevitably turn to how our impending divorce from Europe will impact on the sphere of data protection. Our own data protection laws have of course been profoundly shaped by Europe. Until yesterday, many had assumed that Europe’s control over our data protection laws would in due course become even more intensive, as we journeyed into a world in which the EU Data Protection Regulation reigned supreme across Europe. However, the clocks have stopped. The Regulation is not to become law in the UK. The future of data protection law is therefore necessarily shrouded in mystery. Continue reading →

It is often remarked that there is a paucity of clear binding authority on how to interpret the definition of “environmental information” set out in regulation 2 of the Environmental Information Regulations 2004. The issue is important: it is pivotal to whether a request for information is considered under the EIR or under FOIA. The leading domestic authority to date is the decision of the Upper Tribunal in DECC v IC and Henney [2015] UKUT 0671 (AAC). Continue reading →

If I am an extremely well-regarded academic at Cambridge (don’t snigger at the back, I could be) and due to my eminence I do some unpaid voluntary work for a major international group (here, the Inter-Governmental Panel on Climate Change), the work in relation to which I do over my university email account, are those emails held by the University under the Environmental Information Regulations 2004 (“EIR”)?

Continue reading →

Employment lawyers have tended to see data protection as an employee weapon; in particular the strategic fishing expedition subject access request as a precursor to High Court or Tribunal claims. But there is at least one angle from which the DPA can be used as a weapon of attack by employers against former employees. Where an employee leaves their employer and takes a client list with him, not only will he be in breach of the usual restrictive covenants he is likely to have, but he may also have committed a criminal offence under section 55 DPA. Continue reading →

Remember how the whole point of the Schrems litigation was that the Irish Data Protection Commissioner wasn’t doing enough (/anything) to query the protections available for data subjects in the US under the Safe Harbor scheme? Well, with the zeal of the convert – or alternatively, on the basis of once bitten, twice shy – the Irish DPC has now announced that its new-found energy encompasses a desire to call into question the compatibility of US data transfers under the approved Standard Contract Clauses, in the light of the Schrems judgment.

Continue reading →